NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: rupertvz on April 21, 2021, 02:36:45 AM

Title: Strict-Transport-Security / Missing Header
Post by: rupertvz on April 21, 2021, 02:36:45 AM
Hi Bruce,

We've run a security and vulnerability scan for a client on their web application.
The only problem we picked up was a finding on "Strict-Transport-Security / Missing Header"

How can we pass this security check?

Title: Re: Strict-Transport-Security / Missing Header
Post by: urayoan on April 21, 2021, 03:38:29 AM
Hi rupertvz:
  What version of NetTalk do you have installed? I think that was addressed in a recent version, as far as I recall.

Title: Re: Strict-Transport-Security / Missing Header
Post by: rupertvz on April 21, 2021, 05:38:37 AM
Thank you, I am using 11.45

Title: Re: Strict-Transport-Security / Missing Header
Post by: urayoan on April 21, 2021, 05:55:24 AM
Thank you, I am using 11.45

I think in that version of NetTalk, the server settings tab template is included. If implemented, you are gonna see something like the screenshot included in this post.

If not, I think another way to implement the Strict-Transport-Security is with this, near the embed

s_web._SitesQueue.Defaults.StrictTransportSecurity = 'Strict-Transport-Security: max-age=31536000;'

More examples of how to set it here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
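
Added example (not part of the thread and not NetTalk code): a small Python check that parses the Strict-Transport-Security value the way RFC 6797 describes and reports what a scanner would flag, so the header set above can be verified before the next scan. The function names, the one-year min_age threshold and the sample response are assumptions made for this example; the header value is the one from the post above.

```python
import re

# Constructed sample response head; the header value is the one from the post above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000;\r\n"
    "\r\n"
)

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797, section 6.1); return a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (a trailing ';') are allowed
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:            # each directive may appear only once
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):  # max-age is required and must be digits only
        return None
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def check_response(raw_head, min_age=31536000):
    """Return a list of findings for a raw HTTP response head; an empty list means pass."""
    values = [
        line.split(":", 1)[1].strip()
        for line in raw_head.split("\r\n")[1:]
        if line.lower().startswith("strict-transport-security:")
    ]
    if not values:
        return ["Strict-Transport-Security header missing"]
    policy = parse_hsts(values[0])        # browsers process only the first HSTS header
    if policy is None:
        return ["Strict-Transport-Security header malformed"]
    if policy["max_age"] < min_age:       # min_age is an assumed scanner threshold
        return ["max-age below %d seconds" % min_age]
    return []

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE) or "HSTS check passed")
```

Browsers only honour this header on responses received over HTTPS, so feed the check a response captured from the site's secure port.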